Circular on Implementation of two Factor Authentication for Internal Banking Processes

BPS/DIR/GEN/CIR/06/001 January 19, 2015 TO: ALL DEPOSIT MONEY BANKS (DMBs) CIRCULAR ON IMPLEMENTATION OF TWO FACTOR AUTHENTICATION FOR INTERNAL BANKING PROCESSES A major identified cause of fraud in the banking industry has been traced to increased insider abuse. This abuse revolves around identity theft and abuse of authorization. The increased use of automation in most banking payment processes has further escalated insider abuse in banks with weak authentication procedures.

It has therefore become necessary for the Central Bank to issue the following directives to all DMBs; a) Implement a Maker/Checker control structure for all payment platforms, including account and Database system maintenances on core banking systems. The risk appetite/capacity of individual banks will be a key factor in considering transaction limits for maker/checker roles. DMBs are expected to comply by December 31, 2015.

b) Implement Two Factor Authentication at login points for applications driving Transfers, Withdrawal, Deposit, Standing Order, Account Maintenance and System Maintenance processes. An implementation plan should be submitted to the Central Bank by January 30, 2015 and all banks are expected to fully comply by December 31, 2015, failing which defaulting banks would incur a penalty of N50,000.00 daily.

c) All payment processing Gateways and Third Party Processors should implement Fraud-Monitoring Tool to check transfers from an account to multiple bank accounts by December 31, 2015.

Please be guided and ensure strict compliance with the content of this circular. 'Dipo Fatokun Director, Banking and Payments System Department